Safety critical systems (SCS) may include a plurality of interconnected components or subsystems. A safety critical system may be a complex safety critical system comprising a plurality of subsystems, each of which may include software and/or hardware components. Such complex safety critical systems may include embedded systems. There is a strong trend to interconnect formerly isolated embedded systems or subsystems to create open, adaptive and heterogeneous systems-of-systems, e.g. cyber-physical systems (CPS). Since embedded systems or subsystems often implement safety-relevant functionalities, safety assurance is a major challenge in the design of safety critical systems. A safety critical system may further include coupled embedded systems that interact spontaneously at runtime, or in which safe system operation has to be guaranteed during runtime. In such cases an automatic construction of safety cases is required in order to check whether the safety requirements are fulfilled.
Conventionally, safety analysis techniques are applied during the development stage of the safety critical system. In order to support safety assessment during runtime of the safety critical system, safety analysis methodologies are required that enable an automatic generation of safety cases from component-based models. Component fault trees (CFT) may be used for safety evaluation; they enable the reuse and modular composition of safety analysis models, since the fault tree of each component is described only in terms of its own internal failures and its input and output failure modes. However, component fault trees do not by themselves support an automatic construction of safety cases on the system level, since the failure modes of interacting components have to be connected manually by a user.
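To make the composition step concrete, the following Python example (added here; it is not part of the original text and not any existing CFT tool) models a small system of component fault trees and derives the minimal cut sets and the top-event probability of a controller output failure mode across component boundaries. The components (a power supply, two sensor instances reused from one definition, a controller), their failure-mode names and all probabilities are constructed for illustration. The wiring of output failure modes to input failure modes is written out explicitly, which is exactly the manual step the paragraph refers to; an input that was never wired is reported as an error rather than silently treated as non-failing.

```python
from itertools import product


class Component:
    """A component fault tree (CFT): the failure logic of one component, expressed only
    in terms of its own basic events and its input failure-mode ports.
    Gates are nested tuples ("AND", ...)/("OR", ...); leaves are port or event names."""

    def __init__(self, name, inputs, basic_events, outputs):
        self.name = name
        self.inputs = set(inputs)          # input failure modes (filled by wiring)
        self.basic_events = basic_events   # internal basic event -> probability
        self.outputs = outputs             # output failure mode -> gate expression


class System:
    """CFT instances plus the explicit wiring of output ports to input ports.
    Creating this wiring is the manual step that CFTs leave to the user."""

    def __init__(self, components):
        self.components = {c.name: c for c in components}
        self.wiring = {}   # (component, input port) -> (component, output port)

    def connect(self, src_comp, src_out, dst_comp, dst_in):
        if src_out not in self.components[src_comp].outputs:
            raise KeyError(f"{src_comp} has no output failure mode {src_out!r}")
        if dst_in not in self.components[dst_comp].inputs:
            raise KeyError(f"{dst_comp} has no input failure mode {dst_in!r}")
        self.wiring[(dst_comp, dst_in)] = (src_comp, src_out)

    def _expand(self, comp, node):
        """Cut sets (sets of qualified basic events) of a gate expression in comp."""
        if isinstance(node, str):
            if node in comp.basic_events:
                return {frozenset({f"{comp.name}.{node}"})}
            if node in comp.inputs:
                key = (comp.name, node)
                if key not in self.wiring:
                    # Fail loudly: an unwired input would otherwise hide a failure path.
                    raise ValueError(f"input failure mode {comp.name}.{node} is not connected")
                src_name, src_out = self.wiring[key]
                src = self.components[src_name]
                return self._expand(src, src.outputs[src_out])
            raise KeyError(f"unknown reference {node!r} in component {comp.name}")
        gate, *children = node
        child_sets = [self._expand(comp, c) for c in children]
        if gate == "OR":
            return set().union(*child_sets)
        if gate == "AND":
            return {frozenset().union(*combo) for combo in product(*child_sets)}
        raise ValueError(f"unknown gate {gate!r}")

    def minimal_cut_sets(self, comp_name, port):
        """Minimal cut sets of an output failure mode, followed across components."""
        comp = self.components[comp_name]
        minimal = set()
        for cs in sorted(self._expand(comp, comp.outputs[port]), key=len):
            if not any(m <= cs for m in minimal):   # drop supersets of smaller cut sets
                minimal.add(cs)
        return minimal

    def top_event_probability(self, comp_name, port):
        """Exact top-event probability assuming independent basic events; enumerates
        only the basic events that occur in some cut set."""
        cuts = self.minimal_cut_sets(comp_name, port)
        events = sorted({e for cs in cuts for e in cs})
        prob = {f"{c.name}.{e}": p
                for c in self.components.values() for e, p in c.basic_events.items()}
        total = 0.0
        for states in product((False, True), repeat=len(events)):
            failed = {e for e, s in zip(events, states) if s}
            if any(cs <= failed for cs in cuts):
                p = 1.0
                for e, s in zip(events, states):
                    p *= prob[e] if s else 1.0 - prob[e]
                total += p
        return total


# --- Constructed example: hypothetical components and probabilities ---

def make_sensor(name):
    """One CFT definition reused for several sensor instances."""
    return Component(name, inputs=["power_lost"], basic_events={"stuck": 1e-3},
                     outputs={"no_signal": ("OR", "stuck", "power_lost")})


def build_example():
    psu = Component("psu", inputs=[], basic_events={"psu_fail": 1e-4},
                    outputs={"no_power": "psu_fail"})
    ctrl = Component("ctrl", inputs=["sensor_a_bad", "sensor_b_bad"],
                     basic_events={"cpu_fail": 1e-5},
                     outputs={"wrong_actuation":
                              ("OR", "cpu_fail", ("AND", "sensor_a_bad", "sensor_b_bad"))})
    system = System([psu, make_sensor("sensor_a"), make_sensor("sensor_b"), ctrl])
    # The manual wiring step; both sensors share one supply (a common cause).
    system.connect("psu", "no_power", "sensor_a", "power_lost")
    system.connect("psu", "no_power", "sensor_b", "power_lost")
    system.connect("sensor_a", "no_signal", "ctrl", "sensor_a_bad")
    system.connect("sensor_b", "no_signal", "ctrl", "sensor_b_bad")
    return system


def unwired_input_is_rejected():
    """True if a forgotten connection makes the analysis fail instead of hiding it."""
    system = build_example()
    del system.wiring[("sensor_b", "power_lost")]
    try:
        system.minimal_cut_sets("ctrl", "wrong_actuation")
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    s = build_example()
    for cs in sorted(s.minimal_cut_sets("ctrl", "wrong_actuation"), key=sorted):
        print(sorted(cs))
    print(f"P(wrong_actuation) = {s.top_event_probability('ctrl', 'wrong_actuation'):.3e}")
```

The redundant sensors only pay off if the wiring is complete: the common power supply appears as a single-point cut set `psu.psu_fail` next to `ctrl.cpu_fail` and the two-sensor set `{sensor_a.stuck, sensor_b.stuck}`, and deleting one `power_lost` connection raises an error instead of producing an optimistic result. An automatic system-level construction would have to derive these connections from the component interfaces rather than relying on the user to list them.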